
Re: Help needed for Openldap > Active directory slave/proxy setup.



On 12/14/12 15:33 +0100, Marco van Putten wrote:
> Hi all,
> 
> We want to set up an OpenLDAP server which is a slave to our Active Directory. The LDAP server only has to do replication of the necessary records to act as an address book for non-Exchange users.
> 
> Furthermore, the authentication has to be done against the users in the Active Directory.

You can use slapo-pbind or slapd-ldap to forward simple binds to Active
Directory. If you're performing SASL binds, you could configure slapd to
use saslauthd to authenticate PLAIN SASL binds against Active Directory:

~$ cat /etc/saslauthd.conf

ldap_servers: ldap://192.0.2.5
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5

or you could configure saslauthd to use its kerberos5 backend.

> I found some guides/examples to set up the authentication part. But none of them seem to do what we want, because it requires having the user in your OpenLDAP server with a special "userPassword {SASL}user@domain.com" entry. But we want the OpenLDAP database to only contain contact information and not username/password information.
> 
> Does anybody know how to set up such a thing and can give me some hints/guides/recipes on how to do this?

--
Dan White
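The two bind paths Dan describes, written out as configuration fragments. This is an added example, not from the thread or the OpenLDAP project; the suffix, rootdn, database directory and file paths are placeholders, the AD address is the one from Dan's saslauthd.conf, and whether your slapd version wants the pbind overlay on the database or on the frontend should be checked against slapo-pbind(5).

```conf
# --- /etc/openldap/slapd.conf (path is an assumption; adjust for your build) ---
# The local database holds only contact entries replicated from AD.
# It carries no userPassword attributes, so no secrets live here.
database        mdb
suffix          "dc=example,dc=com"            # placeholder, must match the DNs users bind with
rootdn          "cn=admin,dc=example,dc=com"   # placeholder
directory       /var/lib/ldap                  # placeholder

# Forward simple binds for entries in this database to Active Directory.
# pbind relays the bind DN and password as given, so the DN must exist in AD.
# ldaps:// keeps the forwarded cleartext password off the wire; a plain
# ldap:// URI here would expose every user's password to the network.
overlay         pbind
uri             "ldaps://192.0.2.5"

# --- /usr/lib/sasl2/slapd.conf (distro-dependent; some use /etc/sasl2/slapd.conf) ---
# Hand PLAIN SASL binds to saslauthd. Offer only PLAIN: any other mechanism
# would need a local copy of the user's secret, which this directory does not hold.
pwcheck_method: saslauthd
mech_list: PLAIN

# --- /etc/saslauthd.conf, as in Dan's reply (saslauthd started with "-a ldap") ---
ldap_servers: ldap://192.0.2.5
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
```

Because PLAIN carries the password in the clear inside the bind, clients should only be allowed to use it over TLS; with slapd, the `sasl-secprops` directive (for example `sasl-secprops noanonymous,minssf=56`) is the usual way to refuse PLAIN on an unprotected connection.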